Stepping Forward with the 2012 World IPv6 Launch

On June 8, 2011, the Internet Society hosted an international one-day event which became known as World IPv6 Day. This year, June 6, 2012 marks the beginning of World IPv6 Launch, the day when website operators, network operators and home router vendors are being encouraged to turn on IPv6 and leave it on.

The 2011 World IPv6 Day event was an opportunity for website and networks operators to trial IPv6 functionality for a day and see what worked and what needed to be understood better. It was an opportunity to face the fear, uncertainty and doubt which has plagued and haunted IPv6 almost since the IP version’s introduction in 1994.

For the most part, the 2011 World IPv6 Day event went very smoothly. A primary challenge was for organizations to make their primary web sites accessible via both IPv6 and IPv4. The Internet Society (organizer of World IPv6 Day) also asked network operators to inform their customers about issues they could encounter on World IPv6 Day. Some organizational web sites also attempted to identify what they thought were “broken stacks” and warned users with these potentially broken stacks that they may have problems accessing the organization’s services during World IPv6 Day. Some World IPv6 Day participants ran “war rooms,” where they monitored their networks and customer call centers for problems related to IPv6. For the most parts these war rooms were quiet.

One of the surprises of World IPv6 Day was that even though there were a large number of web sites participating in World IPv6 Day, there wasn’t a proportionate jump in the quantity of IPv6 traffic observed on the Internet. In hindsight, this shouldn’t have been a surprise. On June 8, 2011, the number of IPv6-enabled web sites may have increased considerably, but the quantity of users who could access the IPv6-enabled web sites via IPv6 had not increased.

This is perhaps one of the motivations behind why network operators are being challenged in World IPv6 Launch to configure their networks such that 1% of the web accesses from their customers are via IPv6 transport. Without users with the ability to reach IPv6 enabled web sites, IPv6 enabled web sites will not be able to acknowledge that they can support any significant volume of IPv6-enabled users.

Leslie Daigle, Chief Internet Technology Officer at the Internet Society, confirmed that this was a motivation. Said Daigle, “Indeed, it’s been clear for some time that for real IPv6 deployment (which is what is happening with the World IPv6 Launch), there needs to be content for people to access over IPv6, and people that can access content on IPv6-enabled websites. So, we had both content providers and operators in the room when discussing this year’s challenge. 1% is enough traffic to demonstrate that access providers are well advanced in their actual deployment plans. With that, and the fact that content providers are turning on IPv6 and leaving it on for this year’s challenge, we have the basis for our statement that: this time it’s for real; after June 6 2012, IPv6 is the new normal for Internetworking.”

It is easy to underestimate the complexity of ensuring that a web site can be reached via IPv6, that an network’s customers can reach IPv6-enabled Internet destinations or that a home router is able to interoperate with broadband providers and end-user operating systems to allow the end-user to reach an IPv6-enable web site.

To help illustrate this point, for an organization’s web site to be able to serve up IPv6 web pages, many pieces must be in place and working correctly:

If the organization’s web site utilizes load balancers, the load balancer(s) must support IPv6.

The organization’s DNS infrastructure must correctly support IPv6 (AAAA) record types.

The organization must peer with other networks via IPv6.

Security infrastructure must support IPv6 as well as it does IPv4 traffic and the infrastructure must be aware of uniquely IPv6 challenges. This includes knowing how to handle “packet-too-big” ICMPv6 messages and extension headers. As Arbor Networks’ 7th annual Worldwide Infrastructure Report has illustrated, IPv6 has begun the transformation from novelty to an intrastructure of value which must be protected from attacks.

Routers must provide the functionality that the organization requires to transit IPv6 traffic, and these routers must be able to handle IPv6 traffic at acceptable rates.

Web analytics applications must support IPv6.

Web applications should support IPv6, as should links off the IPv6-enabled web site. There were multiple examples of web sites registered as World IPv6 Day participants, for which the primary web page was IPv6-enabled, but all links and services off the primary web page led to IPv4-only pages and services.

The “IP address geolocation” capabilities must be acceptable for IPv6 (and in fact, this was one of the challenges with IPv6 cited after World IPv6 Day). Many web services rely extensively on reliable IP address geolocation data.

The organization’s primary web site may be hosted by an outside provider which doesn’t support IPv6. This is slowly changing; one of the bigger announcements of IPv6 support recently has been by Akamai At least one university participant in World IPv6 Launch was able to announce an IPv6 address for the campus’ primary web site because of Akamai’s newly announced capabilities.

For the network operator challenge to have 1% of its users access web sites via IPv6, similar complexity exists, while additionally making fulfillment of the challenge based at least partially on the inherent IPv6 capabilities of the end-users’ home network or computer operating system. For a large network of perhaps 10 million customers, not only would the IPv6 connectivity need to be in place in the ISP’s network from the users’ home network to the global Internet, 100,000 users need to have computer operating systems supporting IPv6. As a presentation by Lee Howard of Time Warner Cable pointed out in a mathematically interesting presentation at the US IPv6 Summit in Denver this year, there are several overlapping aspects of their network which must support IPv6 in the right manner before Time Warner Cable’s network will be recognized for having 1% of their traffic being via IPv6 transport.

World IPv6 Launch will be upon us in a very short time. While it has the immediacy of World IPv6 Day, its planners hope IPv6 will become business as usual. Future Internet “challenges” will occur regardless of whether the majority of the world stays with IPv4 or the world migrates to IPv6. Sure, there will be unforeseen problems in implementing IPv6. However, IPv6 is the only sustainable long-term direction for the Internet and Internet Protocol. The time spent solving IPv6 challenges will be more strategically valuable than time spent patching IPv4.

Subscribe to this blog

First Name*

Last Name*

Company*

Email*

Comments

This field is for validation purposes and should be left unchanged.

Asert

Arbor’s Security Engineering & Response Team (ASERT) delivers world-class network security research and analysis for the benefit of today’s enterprise and network operators. ASERT engineers and researchers are part of an elite group of institutions that are referred to as ‘super remediators’ and represent the best in information security. ASERT has both visibility and remediation capabilities at nearly every tier one operator and a majority of service provider networks globally.

ASERT shares operationally viable intelligence with hundreds of international Computer Emergency Response Teams (CERTs) and with thousands of network operators via in-band security content feeds. ASERT also operates the world’s largest distributed honeynet, actively monitoring Internet threats around the clock and around the globe.

Arbor Networks has collaborated with Jigsaw (formerly Google Ideas) to create a data visualization that shows how Distributed Denial of Service (DDoS) attacks have become a global problem. The data is updated daily from Arbor’s global network of sensors and can be viewed at www.digitalattackmap.com